Search CVE reports
1 – 6 of 6 results
CVE-2023-26964
Medium priorityAn issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).
1 affected packages
rust-hyper
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-hyper | Needs evaluation | Not in release | Needs evaluation | Not in release | Ignored |
CVE-2022-31394
Medium priorityHyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
1 affected packages
rust-hyper
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-hyper | Not affected | Not in release | Needs evaluation | Not in release | Ignored |
CVE-2021-32715
Medium priorityhyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This...
1 affected packages
rust-hyper
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-hyper | Not affected | Not in release | Vulnerable | Not in release | Ignored |
CVE-2021-32714
Medium priorityhyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or...
1 affected packages
rust-hyper
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-hyper | Not affected | Not in release | Vulnerable | Not in release | Ignored |
CVE-2021-21299
Low priorityhyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw...
1 affected packages
rust-hyper
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-hyper | Needs evaluation | Not in release | Needs evaluation | Not in release | Not in release |
CVE-2020-35863
Medium priorityAn issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.
1 affected packages
rust-hyper
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
rust-hyper | — | — | Not affected | Not in release | Not in release |